[Lldb-commits] [lldb] r178352 - Updated the code signing docs.

Greg Clayton gclayton at apple.com
Fri Mar 29 10:53:55 PDT 2013 

Author: gclayton
Date: Fri Mar 29 12:53:55 2013
New Revision: 178352

URL: http://llvm.org/viewvc/llvm-project?rev=178352&view=rev
Log:
Updated the code signing docs.


Modified:
    lldb/trunk/docs/code-signing.txt

Modified: lldb/trunk/docs/code-signing.txt
URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/docs/code-signing.txt?rev=178352&r1=178351&r2=178352&view=diff
==============================================================================
--- lldb/trunk/docs/code-signing.txt (original)
+++ lldb/trunk/docs/code-signing.txt Fri Mar 29 12:53:55 2013
@@ -1,6 +1,6 @@
 On MacOSX lldb needs to be code signed. The Debug, DebugClang and Release 
 builds  are set to code sign using a code signing certificate named 
-lldb_codesign. 
+"lldb_codesign". 
 
 If you have re-installed a new OS, please delete all old lldb_codesign items
 from your keychain. There will be 3: a code signing certification and a public
@@ -30,38 +30,32 @@ If you don't have one yet you will need
 - Click Done
 - Click on the "My Certificates"
 - Double click on your new lldb_codesign certificate
-- Turn down the "Trust" disclosure triangle
-
-	Change:
-		When using this certificate: Always Trust
-
-- Enter your login password to confirm and make it trusted
-
-The next steps are necessary on SnowLeopard, but are probably because of a bug
-how Keychain Access makes certificates.
-[Note: These also apply for Lion and Mountain Lion.]
-
-- Drag the new lldb_codesign certificate from the login keychain to
-  the System keychain in the Keychains pane of the main Keychain Access window
-  to make a copy of this certificate in the System keychain.  You'll have to
-  authorize a few more times, set it to be "Always trusted" when asked.
-- Make sure there is no "~/Desktop/lldb_codesign.cer" file on your desktop,
-  if there is one, delete it first, otherwise when you drag a copy of the
-  lldb_codesign certificate to your desktop it will get renamed as
-  "lldb_codesign_1.cer" and the security command you run below will trust the
-  old incorrect certificate.
-- Switch to the System keychain, and drag the copy of lldb_codesign you just
-  made there onto the desktop.
+- Turn down the "Trust" disclosure triangle, scroll to the "Code Signing" trust
+  pulldown menu and select "Always Trust" and authenticate as needed using your
+  username and password.
+- Drag the new "lldb_codesign" code signing certificate (not the public or private
+  keys of the same name) from the "login" keychain to the "System" keychain in the 
+  Keychains pane on the left hand side of the main Keychain Access window. This will
+  move this certificate to the "System" keychain. You'll have to authorize a few
+  more times, set it to be "Always trusted" when asked.
+- Remove "~/Desktop/lldb_codesign.cer" file on your desktop if there is one.
+- In the Keychain Access GUI, click and drag "lldb_codesign" in the "System" keychain
+  onto the desktop. The drag will create a "~/Desktop/lldb_codesign.cer" file used in
+  the next step.
 - Switch to Terminal, and run the following:
 
 sudo security add-trust -d -r trustRoot -p basic -p codeSign -k /Library/Keychains/System.keychain ~/Desktop/lldb_codesign.cer
 rm -f ~/Desktop/lldb_codesign.cer
 
-- Right click on the "lldb_codesign" certificate in the "System" keychain (NOT
-  "login", but the one in "System"), and select "Delete" to delete it from
-  the "System" keychain.
+- Drag the "lldb_codesign" certificate from the "System" keychain back into the
+  "login" keychain
+- Quit Keychain Access
 - Reboot
 - Clean by removing all previously creating code signed binaries and rebuild
   lldb and you should be able to debug.
 
-That should do it.
+When you build your LLDB for the first time, the Xcode GUI will prompt you for permission
+to use the "lldb_codesign" keychain. Be sure to click "Always Allow" on your first
+build. From here on out, the "lldb_codesign" will be trusted and you can build from the
+command line without having to authorize. Also the first time you debug using a LLDB that
+was built with this code signing certificate, you will need to authenticate once.

More information about the lldb-commits mailing list